Communication between the data center and a Gmail client is encrypted, but still available with a warrant from the source

by SALVADOR RODRIGUEZ, MCCLATCHY NEWS SERVICE
March 21, 2014

Google announced Thursday that it will now encrypt emails sent through Gmail at all times, a change that comes following reports regarding the National Security Agency's Internet surveillance programs.

Now, when users connect to Gmail through the Web, they will always do so using a Hypertext Transfer Protocol Secure, or HTTPS, connection.

"Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers -- no matter if you're using public Wi-Fi or logging in from your computer, phone or tablet," Google said in a blog post.

Using an HTTPS connection has been an option for Gmail users since the service was launched. Google made HTTPS the default option in 2010, but with Thursday's announcement, users no longer have the option to use an insecure HTTP connection instead.

Google also said that Gmail messages will be encrypted when they are handled internally by the company.

Although Google does not specifically call out the NSA, the company alludes to reports based on documents released by whistleblower Edward Snowden last year as the reason it is making these changes.

"This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers -- something we made a top priority after last summer’s revelations," Google said.

[Updated at 2:08 p.m., March 20: Jonathan Sander, vice president of strategy and research at data management firm STEALTHbits Technologies, said the Gmail HTTPS changes secure users' messages but not if the government has a subpoena to see them.

“Many will cast this in the light of protecting from government snooping, but as long as the government has the right to subpoena straight from the source, there’s not much protection going on," Sander said in a statement. "Having encrypted communication between the data center and your Gmail client doesn’t help when the data center is open to anyone with enough legal power to get your information at the source.”]